am d04d6c91: am b7d85148: Merge "Allow root and system to bypass the always-on VPN firewall rules" into lmp-dev

* commit 'd04d6c91a311af7a52f05fac5935c9327a990046':
  Allow root and system to bypass the always-on VPN firewall rules
Lorenzo Colitti
2014-10-16 18:35:21 +00:00
committed by Android Git Automerger


@@ -35,6 +35,7 @@ import android.os.INetworkManagementService;
import android.os.RemoteException; import android.os.RemoteException;
import android.security.Credentials; import android.security.Credentials;
import android.security.KeyStore; import android.security.KeyStore;
import android.system.Os;
import android.text.TextUtils; import android.text.TextUtils;
import android.util.Slog; import android.util.Slog;
@@ -64,6 +65,8 @@ public class LockdownVpnTracker {
private static final String ACTION_VPN_SETTINGS = "android.net.vpn.SETTINGS"; private static final String ACTION_VPN_SETTINGS = "android.net.vpn.SETTINGS";
private static final String EXTRA_PICK_LOCKDOWN = "android.net.vpn.PICK_LOCKDOWN"; private static final String EXTRA_PICK_LOCKDOWN = "android.net.vpn.PICK_LOCKDOWN";
private static final int ROOT_UID = 0;
private final Context mContext; private final Context mContext;
private final INetworkManagementService mNetService; private final INetworkManagementService mNetService;
private final ConnectivityService mConnService; private final ConnectivityService mConnService;
@@ -193,6 +196,9 @@ public class LockdownVpnTracker {
setFirewallEgressSourceRule(addr, true); setFirewallEgressSourceRule(addr, true);
} }
mNetService.setFirewallUidRule(ROOT_UID, true);
mNetService.setFirewallUidRule(Os.getuid(), true);
mErrorCount = 0; mErrorCount = 0;
mAcceptedIface = iface; mAcceptedIface = iface;
mAcceptedSourceAddr = sourceAddrs; mAcceptedSourceAddr = sourceAddrs;
@@ -279,6 +285,10 @@ public class LockdownVpnTracker {
for (LinkAddress addr : mAcceptedSourceAddr) { for (LinkAddress addr : mAcceptedSourceAddr) {
setFirewallEgressSourceRule(addr, false); setFirewallEgressSourceRule(addr, false);
} }
mNetService.setFirewallUidRule(ROOT_UID, false);
mNetService.setFirewallUidRule(Os.getuid(), false);
mAcceptedSourceAddr = null; mAcceptedSourceAddr = null;
} }
} catch (RemoteException e) { } catch (RemoteException e) {
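Review bot: The removal of the two UID exemptions in the last hunk sits inside the block that closes right after `mAcceptedSourceAddr = null;`, whereas the hunk at `@@ -193,6 +196,9 @@` installs them before `mAcceptedSourceAddr` is assigned. If `setFirewallUidRule(Os.getuid(), true)` throws `RemoteException` after the `ROOT_UID` rule has been added, the root exemption appears to stay installed with no state recording that it must be cleared; consider clearing both exemptions unconditionally on the teardown path, or tracking them with their own flag. The security trade-off also deserves a comment where the rules are added, for example `// Root and system UIDs are exempt: their traffic may leave outside the VPN while lockdown is active.` Both enclosing methods start and end outside the visible hunks, so the guard condition around the removal is inferred from the closing brace.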